27946 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-8579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific ...
Fedora 42 : libarchive (2025-47e73aaaea)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-47e73aaaea advisory. Rebase due to a lot of CVE fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Linux Distros Unpatched Vulnerability : CVE-2022-40152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied...
Linux Distros Unpatched Vulnerability : CVE-2023-52805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: fix array-index-out-of-bounds in diAlloc Currently there is no check against the agno of the iag while allocating new inodes to avoid fragmentation proble...
macOS 13.x < 13.7.8 (124929)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.7.8. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...
Linux Distros Unpatched Vulnerability : CVE-2025-38495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the firs...
Mozilla Firefox ESR < 140.2
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-67 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ES...
Linux Distros Unpatched Vulnerability : CVE-2018-4199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTun...
Linux Distros Unpatched Vulnerability : CVE-2023-48184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QuickJS before 7414e5f has a quickjs.h JSFreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. CVE-2023-48184 Not...
Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1143)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1143 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Linux Distros Unpatched Vulnerability : CVE-2024-43363
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat t...
Linux Distros Unpatched Vulnerability : CVE-2020-25864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...
Linux Distros Unpatched Vulnerability : CVE-2025-6595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer. This issue...
Security Updates for Microsoft Visio Products C2R (August 2025)
The Microsoft Visio Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instea...
Security Updates for Microsoft Word Products C2R (August 2025)
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead...
Fedora 42 : libtiff (2025-a78662be2c)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a78662be2c advisory. - fixes CVE-2025-8534: null pointer dereference in tiff2p - fixes CVE-2024-13978: null pointer dereference in tiff2pdf. Tenable has extracted the...
Fedora 42 : pandoc (2025-07fdd73bf0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-07fdd73bf0 advisory. update MANUAL to cover threat related to user HTML iframe. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Security Updates for Microsoft Office Products C2R (August 2025)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instea...
Malicious code in @teamteanpm2024/quae-dolorum-dolores (npm)
The package @teamteanpm2024/quae-dolorum-dolores was found to contain malicious code...
GitLab 11.6 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-2614)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial ...